On Wed, 2016-08-03 at 12:34 +0200, Arturo Filastò wrote:
Hi Khairil,
The system resolver is determined by querying a public service run by Akamai called whoami.akamai.net.
You can see our implementation of such service to see how it works here: https://github.com/TheTorProject/ooni-backend/blob/master/oonib/testhelpers/dns_helpers.py#L26
We don’t use our own servers for doing this as we are assuming that using a public service vs using something hosted on a ooni.* domain is more stealthy.
The basic idea behind how it works is that you do an A lookup for a special domain and the delegated authoritative name server will reflect back the IP address from where the query originated.
The reason why you are seeing a different IP than the one you are directing your queries to is that quite often DNS resolvers are deployed in a way where the machines actually doing the queries and then caching them are different from those you make queries to.
As an example with the Google DNS resolver you will see this:
$ dig +short whoami.akamai.net @8.8.8.8
74.125.47.143
However you can confirm that actually that IP is in the range allocated to Google:
$ whois 74.125.47.143 | grep ^Organization
Organization: Google Inc. (GOGL)
Hope this answers your question.
~ Arturo
Thanks Arturo, that's a very clear explanation and also the pointer to the code.
<snip>
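
The reflection mechanism described in the quoted message, as an added offline example that is not part of the original emails and is not OONI's or Akamai's code. It builds the A query on the wire, answers it the way a reflecting authoritative server would, and parses the answer on the client side; the function names, the TTL of 0 and the transaction id are assumptions, and the addresses are the ones from the dig example above.

```python
import socket
import struct

QNAME = "whoami.akamai.net"  # special name mentioned in the thread

def encode_name(name):
    # DNS wire format: length-prefixed labels terminated by a zero byte
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in name.split(".")) + b"\x00"

def build_query(name, txid=0x1234):
    # Header: id, flags (RD set), QDCOUNT=1, ANCOUNT=NSCOUNT=ARCOUNT=0
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN

def skip_name(msg, off):
    # Return the offset just past a name, handling compression pointers
    while True:
        n = msg[off]
        if n & 0xC0 == 0xC0:
            return off + 2
        if n == 0:
            return off + 1
        off += 1 + n

def reflect(query, source_ip):
    """Authoritative side: answer with the address the query arrived from."""
    txid, _flags, qdcount = struct.unpack("!HHH", query[:6])
    if qdcount != 1:
        raise ValueError("expected exactly one question")
    qend = skip_name(query, 12) + 4  # question name + QTYPE + QCLASS
    header = struct.pack("!HHHHHH", txid, 0x8400, 1, 1, 0, 0)  # QR and AA set
    # Answer: pointer to the question name, type A, class IN, TTL 0 (assumed), 4-byte RDATA
    answer = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 0, 4) + socket.inet_aton(source_ip)
    return header + query[12:qend] + answer

def parse_a(response):
    """Client side: return the IPv4 addresses found in the answer section."""
    _, _, qdcount, ancount = struct.unpack("!HHHH", response[:8])
    off = 12
    for _ in range(qdcount):
        off = skip_name(response, off) + 4
    addrs = []
    for _ in range(ancount):
        off = skip_name(response, off)
        rtype, _cls, _ttl, rdlen = struct.unpack("!HHIH", response[off:off + 10])
        off += 10
        if rtype == 1 and rdlen == 4:
            addrs.append(socket.inet_ntoa(response[off:off + rdlen]))
        off += rdlen
    return addrs

if __name__ == "__main__":
    configured, egress = "8.8.8.8", "74.125.47.143"  # constructed scenario from the dig example
    seen = parse_a(reflect(build_query(QNAME), egress))
    print("configured:", configured, "seen by authoritative server:", seen)
```
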